Merge pull request #431 from c00kiemon5ter/feature-force-authn-configuration

Add force_authn sp configuration option

2 files changed, 22 insertions, 0 deletions

diff --git a/tests/test_31_config.py b/tests/test_31_config.py
index 623c944f..eb8480c6 100644
--- a/tests/test_31_config.py
+++ b/tests/test_31_config.py
@@ -68,6 +68,7 @@ sp2 = {
             },
             "authn_requests_signed": True,
             "logout_requests_signed": True,
+            "force_authn": True,
         }
     },
     #"xmlsec_binary" : "/opt/local/bin/xmlsec1",
@@ -408,5 +409,15 @@ def test_crypto_backend():
     sec = security_context(idpc)
     assert isinstance(sec.crypto, CryptoBackendXMLSecurity)
 
+def test_unset_force_authn():
+    cnf = SPConfig().load(sp1)
+    assert bool(cnf.getattr('force_authn', 'sp')) == False
+
+
+def test_set_force_authn():
+    cnf = SPConfig().load(sp2)
+    assert bool(cnf.getattr('force_authn', 'sp')) == True
+
+
 if __name__ == "__main__":
     test_crypto_backend()
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 1806de41..937e0e20 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -280,6 +280,17 @@ class TestClient:
         assert nid_policy.allow_create == "false"
         assert nid_policy.format == saml.NAMEID_FORMAT_TRANSIENT
 
+    def test_create_auth_request_unset_force_authn(self):
+        req_id, req = self.client.create_authn_request(
+            "http://www.example.com/sso", sign=False, message_id="id1")
+        assert bool(req.force_authn) == False
+
+    def test_create_auth_request_set_force_authn(self):
+        req_id, req = self.client.create_authn_request(
+            "http://www.example.com/sso", sign=False, message_id="id1",
+            force_authn="true")
+        assert bool(req.force_authn) == True
+
     def test_create_auth_request_nameid_policy_allow_create(self):
         conf = config.SPConfig()
         conf.load_file("sp_conf_nameidpolicy")